Microsoft still tinkering with 'secure' design

Microsoft on Wednesday warned developers at its WinHEC conference that changes continue to be made in the security technology component it plans for next-generation PCs.

Responding to reports that it had decided to scrap plans for a security-focused architecture for Longhorn, its next version of Windows, the software giant stressed that it still aims to get major features into the OS.

"I can't speak to what (the features in) Longhorn will be," Mario Juarez, a product manager for Microsoft's Security Business and Technology Unit, told CNET News.com via phone on Wednesday. "I can tell you that...we are definitely aiming to have these features in the Longhorn time frame." Longhorn is set for release in the first half of 2006.

Working with hardware makers such as IBM and Intel, Microsoft aims to develop next-generation hardware and software that can better protect data from attackers, viruses and digital pirates. The architecture, referred to as trusted PC, generally promises to do four things: secure input from devices such as the keyboard, protect application data from modification, encrypt storage and allow for attestation, which lets organizations that "own" content on a person's computer ascertain whether the data or software has been modified.

A year ago at WinHEC (the Windows Hardware Engineering Conference), Microsoft showed off a security prototype to demonstrate to developers what the secure features might look like in Windows.

But the recent qualifications made by the project team indicate that Microsoft still hasn't solved key design issues for its version of the "trusted PC" security technology, which it calls the next-generation secure computing base, or NG-SCB. For example, the company's software architects still haven't decided on the way in which Microsoft will patch the core of the secure OS or allow for restoring backups to a computer. Both activities change protected data and will run afoul of the protections erected by NG-SCB.

"It is still up in the air, along with the rest of the stuff," Juarez said.

What's not up in the air, he said, is Microsoft's commitment to producing software that, when paired with new computing hardware, can better secure data.

"Exactly how the implementation will work is what we are focused on now," he said.

One consideration is that customers are asking for more features to be available to applications without the need for the expensive rewriting of software, Juarez added.

"What our customers told us is that these features are valuable, but they...(want us) to find a way to offer some of the secure computing experience out of the box," he said.

Critics maintain that the fourth feature of Microsoft's trusted PC plan, remote attestation, could lead to major privacy issues. A paper the Electronic Frontier Foundation released last October applauded three features of Microsoft's scheme but criticized remote attestation as a threat that could lock people into certain applications, force unwanted software changes on them and prevent reverse engineering.

Such considerations could still be taken into account as the Microsoft system is refined.

"The bottom-line message is that we have taken a lot of feedback from customers--we are making some evolutionary updates to the architecture," Juarez said.